The Time for Cybersecurity Awareness is Now!
On both sides of the Atlantic, October is officially called Cybersecurity Month. Throughout this month, the EU's European Cybersecurity Month campaign and the US' Cybersecurity Awareness Month campaign will both aim to shine a spotlight on the current challenges for system administrators, and indeed anyone who has an online device that they wish to protect. As the trend toward remote working continues apace, there is a clear need to stay vigilant in our rapidly changing digital world.
The Cybersecurity Awareness Month Themes of 2021
The US theme for 2021 is poetically called "Do Your Part. #BeCyberSmart." This theme emphasizes that every individual and organization has a role to play in online safety and that there is a need to be proactive to ensure cybersecurity at home and in the workplace.
Each week will have a different focus: the first week will highlight the simple actions that can be taken to ensure digital security; the second will provide training in how to spot and report phishing attempts to prevent ransomware and other malware attacks; the third week, which is the Cybersecurity Career Awareness Week of the National Initiative for Cybersecurity Education, will celebrate the global cybersecurity workforce; while the final week will emphasize the increasing importance of cybersecurity and staying safe online.
The EU's annual awareness campaign, the European Cybersecurity Month (ECSM), which takes place over the same month, is coordinated by European Union Agency for Cybersecurity (ENISA) and the European Commission and is supported by the EU Member States and international partners. Under the motto, "Think Before U Click #ThinkB4Uclick", this year's EU themes are about guidelines on what to do should you fall victim to a cyber-attack and on how to improve cybersecurity at home. New features this year include the hosting of an interactive map of Europe indicating where cyber-attacks can be reported and an online quiz inviting the public to test their knowledge of cyber-threats.
The overarching message of the month for both the EU and the US is that cybersecurity is a shared responsibility. The organizers are eager to ensure that everyone has the knowledge and tools to do their part in maintaining safe access to the internet.
A Growing Awareness of Cyber Threats
The risk posed by cyber-attacks is growing. The US Federal Trade Commission reported that identify theft attempts increased by 50% last year, while malware attacks increased by 358% and ransomware by 435%.
Indeed, high-profile incidents, such as the ransomware attack on the Colonial Pipeline, a major US pipeline, in April, have generated a sense of urgency to the issue of cyber-attacks.
Lansweeper CEO Dave Goossens says that he welcomes the White House's serious approach to cybersecurity reflected in its holding of a Cyber Summit of business leaders in August. However, he emphasizes that cybersecurity is an important issue for all businesses, both large and small and that everyone has a responsibility to act.
The Response to Cyber Threats
Despite the growing awareness, a 2021 report by IDG revealed that 78% of senior and IT security leaders believe that their companies are inadequately protected against cyberattacks. Their concern is therefore not if a cyberattack will occur but when, as without proper protection an attack is sure to happen at some point. To encourage IT professionals to be more proactive in their response to increased cybercrime, Lansweeper has drawn up 10 tips for strengthening protection against cyber-attacks.
A Critical First Step in Cybersecurity
For companies to respond better to cyber threats, they need to realize that the first step in protecting an asset is knowing that it exists and that it is connected to your network. It sounds so simple, but a solid cybersecurity strategy is built on a reliable detection and inventory process. That is why Lansweeper is so fundamental for cybersecurity.
For example, yet another major vulnerability was found in the Print Spooler service for Windows which allowed hackers to remotely execute commands to take over a company's Windows domain server. Lansweeper responded by building a special vulnerability report to find vulnerable domain controllers. This report scans your entire network and provides you with a complete overview of all domain controllers and their Windows Print Spooler service status. Sysadmins used this to immediately disable the service where needed and prevent outsider access.
As illustrated, the discovery of hard- and software data is simply essential for safeguarding against cybersecurity attacks. The Cybersecurity Awareness Month campaign presents us with a great opportunity to highlight that even further.
Leverage These Seven Useful Cybersecurity Resources
Once you've established your asset inventory baseline, you can start to dig deeper. We've listed seven resources below which you can leverage throughout cybersecurity awareness month and beyond.
1. Vulnerability Updates
Lansweeper holds more than 500 built-in network reports in the report library, but ad-hoc vulnerabilities mostly require a customized Vulnerability Report to provide a reliable assessment of whether updates are required. We regularly create customized hardware and software reports to address known security issues. For instance, we created a report that checks if your network remains vulnerable to the Top 8 Most Exploited Vulnerabilities, and we have released a special report that highlights devices that are vulnerable to the Windows Zerologon Flaw.
Receive the Latest Vulnerability Updates
2. CIS 18 Critical Security Controls®
You can't protect what you don't know exists. The top 6 CIS Critical Security Controls of the Center for Internet Security highlight the importance of knowing what devices you have and the software that is running on them. A well-maintained Asset Inventory Database is key in building a more comprehensive security program based on the CIS Security Controls. Learn how you can leverage your asset inventory database to tackle the first 6 critical CIS controls.
3. Patch Tuesday Audit Reports
Every second Tuesday of the month, 'Patch Tuesday', Microsoft releases a scheduled security fix. Every month, we create a Patch Tuesday Audit Report which checks if the assets in your network are on the latest Windows Patch Tuesday update. It gives you an easy and quick overview of which assets are already on the latest Windows update, and which ones still need to be patched.
4. AI-powered Detection
Lansweeper sports some considerate firepower for companies looking to waterproof their IT estate. Thanks to its AI-powered Asset Radar, Lansweeper can unobtrusively scan networks for rogue devices and immediately alert administrators of any issues. It doesn't matter how brief the connection was, Asset Radar will detect a rogue device instantly. This feature works wonders with our CDR or Credential-Free Device Recognition technology. Because the moment Asset Radar detects a device, our CDR will identify the device and provide you with information that would otherwise need credentials to be retrieved. For more information on detecting rogue devices with Lansweeper click here.
5. Splunk & Axonious Integrations
Lansweeper's security offer is also bolstered by two integrations that can additionally protect your IT asset inventory: Splunk, which is an app that identifies risks and vulnerabilities, along with non-compliance issues, before they become a problem; and a data connector that enables users to import Lansweeper asset data into the Axonious Cybersecurity Asset Management system. Axonious automatically aggregates and correlates asset data to produce a reliable asset inventory for security, IT, and risk teams.
6. End of Life Audits
Every software product has a lifecycle, and the product lifecycle ends when it's no longer supported. The largest risk of running End-of-Support software is flawed security and your computer becoming a gateway for malware. Since the manufacturer no longer provides security updates, any vulnerabilities found by hackers can be exploited over and over again. Additional issues of running EOL software include compliance and audit issues, poor reliability and performance, higher operating costs, and software incompatibilities. We regularly create EOL Audit Reports so you can prepare your network for the upcoming End-of-Life software. Find all our End-of-Life reports here.
7. Remote IT Asset Management to Tackle BYOD & Remote Working
Trends like BYOD and remote working are here to stay, and they will remain even after COVID. IT departments around the globe are under greater pressure and require guidance and resources to stay in control. Read our dedicated blogs on this topic to help you get started:
- Remote IT Asset Management
- Mobile Device Management for IT Professional
- Working from Home: Tips to Secure Your Remote Workforce.
And as the last bonus resource to start off Cybersecurity Awareness Month well prepared, tackle the ongoing cryptocurrency dangers with Lansweeper's specialized cryptojacker reports to uncover potential cases of cryptojacking software in your own network today.